search
top

Equifax Breach Lessons Learned

Equifax Breach Lessons Learned

After reading the Equifax breach report released by U.S. House of Representatives Committee on Oversight and Government Reform. This would be a great post to summarize and list out key items that went wrong in the Equifax breach. Hopefully, it will lead to a wake up call for other companies in order to better their own information security. 

 

Security Representative on the Core team

It’s highly important to have someone that understands information security on your core team. Many times, the task gets pushed to the Legal or IT team core team members. This is one of the reasons that led to the breach. IT operational tasks and security tasks need to fall under a specific leader. Ideally, someone that understand security and not just IT. In Equifax’s case, security was represented by the IT team core member. However, their views were not in line with the security team leader. Therefore, something that may be of risk may not reach the CEO’s level and will get missed. However, Read The Full Post

Finding a Drupal Vulnerability

Finding a Drupal Vulnerability

So, I found my first official Drupal Vulnerability with Drupal Core. You can read more about it officially on Drupal’s website here –> https://www.drupal.org/SA-CORE-2016-001

For those that don’t know much about Drupal it is a Content Management System similar to WordPress and Joomla.

During my time conducting a security assessment and audit on Drupal, I found an issue. This particular vulnerability was found many months back. I had decided to hold off on publishing anything about it so it would give many Drupal users time to mitigate the issue.

What is the Vulnerability?

(more…)

top